14 matches found
CVE-2026-34820 Endian Firewall /manage/ipsec/ remark Stored Cross-Site Scripting
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
CVE-2026-29828
DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/ page via the input field projectDesc...
CVE-2025-11886
The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'ctlarcadelitepagemanagegames' page. This makes it possible for unauthenticated attackers to deactivate and...
CVE-2025-12400
CVE-2025-12400 concerns the WordPress plugin LMB^Box Smileys. The vulnerability is a CSRF to Stored XSS in all versions up to 3.2, caused by missing or incorrect nonce validation in the plugin’s manage_page() function. As described, unauthenticated attackers can cause a site administrator to perf...
WordPress plugin LMB Box Smileys cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site reques...
CVE-2025-6868
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2023-1054
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of...
PT-2024-15725 · WordPress · Insert Php Code Snippet
Name of the Vulnerable Software and Affected Versions: Insert PHP Code Snippet plugin for WordPress versions up to, and including, 1.3.4 Description: The issue allows for Stored Cross-Site Scripting via the user's name when accessing the "insert-php-code-snippet-manage" page due to insufficient...
CVE-2023-1054
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of...
CVE-2022-32404
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manageinmate.php:3...
PT-2020-10450 · Wso2 · Wso2 Api Manager
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0 Description: A potential Reflected Cross-Site Scripting (XSS) issue has been identified in defining a scope in the "manage the API" page of the API Publisher. Recommendations: For WSO2 API Manager version 2.6.0,...
File upload vulnerability in BootCMS manage.php page
BootCMS is an open source content management system that runs under PHP + MySQL and is protected by a GPL license. A file upload vulnerability exists in the BootCMS manage.php page. An attacker can exploit the vulnerability to control server privileges by uploading a script Trojan...
Universal Password Login Vulnerability in Longcai MX of Longcai Technology Inc.
Longcai MX is a marketing website that caters to consumer needs and buying desires. A universal password login vulnerability exists in the '/manage' page of Longcai MX under Longcai Technology. An attacker can exploit the vulnerability to log into the system backend, view sensitive information or...
CVE-2016-5364
Cross-site scripting (XSS) vulnerability in managecustomfieldeditpage.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter...